Cyware Daily Threat Intelligence, November 19, 2020


A new variant of the Grelos card-skimming malware has drawn the attention of researchers. Associated with the Magecart group, the variant is believed to be a part of the compromise of Boom! Mobile earlier this year. It features a loader stage and a skimmer stage, both of which are base64-encoded.

Apart from this, the past 24 hours saw security updates from Cisco and Drupal for their products. While Cisco’s security updates fixed three vulnerabilities affecting its Webex video conferencing platform, the patch from Drupal addressed an RCE flaw affecting its versions 7, 8, and 9.

Top Breaches Reported in the Last 24 Hours

Liquid hacked
Liquid, one of the largest cryptocurrency exchanges, has disclosed a security breach that exposed its customers’ personal information. The incident occurred on November 13 after a domain name hosting provider inadvertently transferred control of the account and domain to a malicious actor. It is not clear whether the actor obtained access to personal documents.

Top Malware Reported in the Last 24 Hours

New Grelos malware
A new variant of Grelos skimming malware has been spotted in the wild. Linked to the Magecart group, the malware was a part of the attack against U.S.-based Boom! Mobile. It operates in the same manner as other card-skimming malware.

Emotet is back
Cisco Talos has published an extensive report on Emotet's activity in 2020. The report sheds light on its modus operandi and on the organizations and countries it targeted. The firm managed to do so by obtaining ownership of several domains used by Emotet operators to send SMTP communications.

Top Vulnerabilities Reported in the Last 24 Hours

Drupal patches an RCE flaw
Drupal has released a security update to patch a remote code execution vulnerability affecting its versions 7, 8, and 9. Tracked as CVE-2020-13671, the flaw is classified as critical and arises from a failure to properly sanitize the names of uploaded files.

Cisco patches three flaws
Cisco has fixed three bugs in its Webex video conferencing platform that can allow attackers to covertly join a meeting and steal attendees' information. The flaws are tracked as CVE-2020-3419, CVE-2020-3471, and CVE-2020-3441. These vulnerabilities can be exploited through the handshake process that Webex uses to establish a connection between meeting participants. Apart from this, Cisco has also issued a patch for a remote code execution vulnerability in its Security Manager.


Posted on: November 19, 2020
